Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

Tanusree Sharma; Hunter A. Dyer; Roy H. Campbell; Masooda Bashir

doi:10.1007/978-3-030-80119-9_72

Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

Tanusree Sharma, Hunter A. Dyer, Roy H. Campbell, Masooda Bashir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.

Original language	English (US)
Title of host publication	Intelligent Computing - Proceedings of the 2021 Computing Conference
Editors	Kohei Arai
Publisher	Springer
Pages	1082-1096
Number of pages	15
ISBN (Print)	9783030801182
DOIs	https://doi.org/10.1007/978-3-030-80119-9_72
State	Published - 2022
Event	Computing Conference, 2021 - Virtual, Online Duration: Jul 15 2021 → Jul 16 2021

Publication series

Name	Lecture Notes in Networks and Systems
Volume	283
ISSN (Print)	2367-3370
ISSN (Electronic)	2367-3389

Conference

Conference	Computing Conference, 2021
City	Virtual, Online
Period	7/15/21 → 7/16/21

Keywords

COVID-19
Mobile apps
Privacy risks
Threat likelihood

ASJC Scopus subject areas

Control and Systems Engineering
Signal Processing
Computer Networks and Communications

Online availability

10.1007/978-3-030-80119-9_72

Library availability

Discover UIUC Full Text

Cite this

Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities. / Sharma, Tanusree; Dyer, Hunter A.; Campbell, Roy H. et al.
Intelligent Computing - Proceedings of the 2021 Computing Conference. ed. / Kohei Arai. Springer, 2022. p. 1082-1096 (Lecture Notes in Networks and Systems; Vol. 283).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sharma, T, Dyer, HA, Campbell, RH & Bashir, M 2022, Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities. in K Arai (ed.), Intelligent Computing - Proceedings of the 2021 Computing Conference. Lecture Notes in Networks and Systems, vol. 283, Springer, pp. 1082-1096, Computing Conference, 2021, Virtual, Online, 7/15/21. https://doi.org/10.1007/978-3-030-80119-9_72

@inproceedings{6076fb66457a42978e80bf0b31e608fb,

title = "Mapping Risk Assessment Strategy for COVID-19 Mobile Apps{\textquoteright} Vulnerabilities",

abstract = "Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps{\textquoteright} functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.",

keywords = "COVID-19, Mobile apps, Privacy risks, Threat likelihood",

author = "Tanusree Sharma and Dyer, {Hunter A.} and Campbell, {Roy H.} and Masooda Bashir",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; Computing Conference, 2021 ; Conference date: 15-07-2021 Through 16-07-2021",

year = "2022",

doi = "10.1007/978-3-030-80119-9_72",

language = "English (US)",

isbn = "9783030801182",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer",

pages = "1082--1096",

editor = "Kohei Arai",

booktitle = "Intelligent Computing - Proceedings of the 2021 Computing Conference",

address = "Germany",

}

TY - GEN

T1 - Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

AU - Sharma, Tanusree

AU - Dyer, Hunter A.

AU - Campbell, Roy H.

AU - Bashir, Masooda

PY - 2022

Y1 - 2022

N2 - Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.

AB - Recent innovations in mobile technologies are playing an important and vital role in combating the COVID-19 pandemic. While mobile apps’ functionality plays a crucial role in tackling the COVID-19 spread, it is also raising concerns about the associated privacy risks that users may face. Recent research studies have showed various technological measures on mobile applications that lack consideration of privacy risks in their data practices. For example, security vulnerabilities in COVID-19 apps can be exploited and therefore also pose privacy violations. In this paper, we focus on recent and newly developed COVID-19 apps and consider their threat landscape. Our objective was to identify security vulnerabilities that can lead to user-level privacy risks. We also formalize our approach by measuring the level of risk associated with assets and services that attackers may be targeting to capture during the exploitation. We utilized baseline risk assessment criteria within the scope of three specific security vulnerabilities that often exists in COVID-19 applications namely credential leaks, insecure communication, and HTTP request libraries. We present a proof of concept implementation for risk assessment of COVID-19 apps that can be utilized to evaluate privacy risk by the impact of assets and threat likelihood.

KW - COVID-19

KW - Mobile apps

KW - Privacy risks

KW - Threat likelihood

UR - http://www.scopus.com/inward/record.url?scp=85112504259&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85112504259&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-80119-9_72

DO - 10.1007/978-3-030-80119-9_72

M3 - Conference contribution

AN - SCOPUS:85112504259

SN - 9783030801182

T3 - Lecture Notes in Networks and Systems

SP - 1082

EP - 1096

BT - Intelligent Computing - Proceedings of the 2021 Computing Conference

A2 - Arai, Kohei

PB - Springer

T2 - Computing Conference, 2021

Y2 - 15 July 2021 through 16 July 2021

ER -

Mapping Risk Assessment Strategy for COVID-19 Mobile Apps’ Vulnerabilities

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this